
Where is the keystore for LDAPS linked for Spectrum OneClick server setup


Article ID: 107100


Updated On:


CA Spectrum


The CA Spectrum OneClick service (OC server) can be configured for secured LDAP (LDAPS) only through the default Spectrum keystore configuration. The LDAPS-related certificate must therefore be part of the default keystore, $SPECROOT/custom/keystore/cacerts.

The CA Spectrum OneClick configuration for the Tomcat web server does allow the keystore location (along with the keystore filename and key-pass) to be specified through the "keystore" parameter in ./tomcat/conf/server.xml. That setting affects the Tomcat connector (for https), but it has no effect on the LDAPS connector.


The LDAPS connector uses only the default keystore file "cacerts".


This applies to the OC server on any platform OS/host.


So even when the OC "https" service uses its own specific keystore file, add the certificate required by the LDAPS connector to the default keystore $SPECROOT/custom/keystore/cacerts. In practice, the default keystore file then covers only the LDAPS connector certificate.

This functionality is addressed for improvements after CA Spectrum R10.3.
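
The procedure above as a script, added here as an example and not taken from the article or from vendor code: it reports which keystore each connector reads, then imports the LDAPS certificate into the default keystore and confirms the alias. Assumptions: `keytool` is on PATH, the https connector uses Tomcat's `keystoreFile` attribute, `server.xml` sits under `$SPECROOT/tomcat/conf`, the keystore password is supplied in a `KS_PASS` environment variable, and the alias `ldaps-ca` is a hypothetical name.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: keytool is on PATH, the https
# connector is configured with Tomcat's keystoreFile attribute, and the
# keystore password is supplied in the KS_PASS environment variable.

# Keystore the LDAPS connector always reads (path taken from the article).
ldaps_keystore() {
    printf '%s\n' "$1/custom/keystore/cacerts"
}

# Keystore the Tomcat https connector reads: first keystoreFile="..." found
# in server.xml. Prints nothing when the attribute is absent.
tomcat_keystore() {
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Say which keystore each connector uses, so a custom https keystore is not
# mistaken for the place where the LDAPS certificate belongs.
keystore_report() {    # $1 = SPECROOT, $2 = path to server.xml
    https_ks=$(tomcat_keystore "$2")
    ldaps_ks=$(ldaps_keystore "$1")
    echo "https connector keystore: ${https_ks:-not set in server.xml}"
    echo "LDAPS connector keystore: $ldaps_ks"
    if [ -n "$https_ks" ] && [ "$https_ks" != "$ldaps_ks" ]; then
        echo "custom https keystore in use; LDAPS certificate must still go into $ldaps_ks"
    fi
}

# Import the LDAPS server (or issuing CA) certificate into the default
# keystore, then list the alias to confirm it is present.
import_ldaps_cert() {  # $1 = SPECROOT, $2 = PEM/DER certificate, $3 = alias
    ks=$(ldaps_keystore "$1")
    cp -p "$ks" "$ks.bak" || return 1          # keep a rollback copy
    # -storepass:env keeps the password out of the process argument list.
    keytool -importcert -noprompt -alias "$3" -file "$2" \
        -keystore "$ks" -storepass:env KS_PASS || return 1
    keytool -list -alias "$3" -keystore "$ks" -storepass:env KS_PASS
}

# Runs only when invoked with the inputs set, e.g.
#   SPECROOT=/path/to/spectrum LDAPS_CERT=ldaps-ca.pem KS_PASS=... sh this_script.sh
if [ -n "${LDAPS_CERT:-}" ]; then
    keystore_report "$SPECROOT" "$SPECROOT/tomcat/conf/server.xml"
    import_ldaps_cert "$SPECROOT" "$LDAPS_CERT" "${LDAPS_ALIAS:-ldaps-ca}"
fi
```

Compare the fingerprint printed by the final `keytool -list` with the one obtained from the LDAP administrator before trusting the import.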